Amendment to the Claims






1. (currently amended) A process for a simplified access control language that controls access to directory entries in a computer environment, comprising the steps of:

a system administrator creating a read access control list (ACL) command for a user, wherein said read access control list command lists a set of Lightweight Directory Access Protocol (LDAP) user attributes that are created and controlled by said administrator;

said user applying said read access control list command by listing a subset from said system administrator defined LDAP user attributes for authorizing read access to said subset of user attributes to one or more other users, and by listing user identifications of said one or more other users such that said one or more other users are authorized to have read access to said subset of said system administrator defined LDAP user attributes; and

storing said read access control list command in a directory, said directory containing said user attributes; and

responsive to one or more other users accessing any of said user attributes in said directory, said read access control list command referring to said read list of user identifications at runtime thereby allowing said one or more other users read access to said system administrator defined LDAP user attributes.

2. (original) The process of Claim 1, wherein upon a client read access, the directory server selects a specific read access control command according to the attribute being accessed and refers to the read list of the owner of the attribute being accessed to determine if said client has permission to execute said read access.

3. (original) The process of Claim 1, further comprising the steps of:

providing a user defined write list containing user identifications that are allowed to write a specified set of attributes;

providing a system administrator defined write access control command;

said write access control command listing the user attributes that said administrator has selected for user defined write access; and

said write access control command referring to said user defined write list thereby allowing said write user identifications write access to said user attributes.


4. (original) The process of Claim 3, wherein upon a client write access, the directory server selects a specific write access control command according to the attribute being accessed and refers to the write list of the owner of the attribute being accessed to determine if said client has permission to execute said write access.
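The two-level scheme of Claims 1 through 4, modelled in Python as an added example (this code is not part of the patent and does not describe any particular directory server; the class names, the `select_command`, `apply_command` and `check_access` methods, and the sample owner, users and attribute values are all constructed). The administrator's ACL command fixes which LDAP attributes an owner may delegate at all; the owner then lists a subset of those attributes and the user identifications allowed to read or write them; at access time the server selects the command covering the attribute being accessed and consults the owner's list.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class AdminAclCommand:
    """System-administrator-defined access control list command.

    Names the LDAP user attributes the administrator has created and
    controlled for user-defined delegation of one operation.  Owners may
    delegate only attributes that appear here (constructed model).
    """
    operation: str          # "read" or "write"
    attributes: frozenset   # attributes the administrator made delegable


@dataclass
class DirectoryEntry:
    """One owner's entry: attribute values plus the owner's user-defined lists."""
    owner: str
    attributes: dict
    # subset of the administrator's attributes the owner chose to expose, per operation
    subsets: dict = field(default_factory=lambda: {"read": set(), "write": set()})
    # user identifications the owner listed as allowed, per operation
    user_lists: dict = field(default_factory=lambda: {"read": set(), "write": set()})


class Directory:
    """Stores the entries together with the administrator's ACL commands."""

    def __init__(self, commands):
        self.commands = list(commands)
        self.entries = {}

    def add_entry(self, entry):
        self.entries[entry.owner] = entry

    def select_command(self, attribute, operation):
        """Pick the administrator's command that covers the attribute being
        accessed for the requested operation (the selection step of Claims 2 and 4)."""
        for command in self.commands:
            if command.operation == operation and attribute in command.attributes:
                return command
        return None

    def apply_command(self, owner, operation, subset, user_ids):
        """The owner applies the administrator's command by listing a subset of
        its attributes and the user identifications allowed to access them.
        Attributes the administrator never made delegable are refused."""
        disallowed = {a for a in subset if self.select_command(a, operation) is None}
        if disallowed:
            raise PermissionError(
                f"administrator has not made {sorted(disallowed)} delegable for {operation}")
        entry = self.entries[owner]
        entry.subsets[operation].update(subset)
        entry.user_lists[operation].update(user_ids)

    def check_access(self, client, owner, attribute, operation):
        """Runtime check: select the command by attribute, then consult the
        owner's subset and user list for that operation."""
        entry = self.entries.get(owner)
        if entry is None or self.select_command(attribute, operation) is None:
            return False
        return (attribute in entry.subsets[operation]
                and client in entry.user_lists[operation])


def build_demo_directory():
    """Constructed sample data: the administrator lets owners delegate reads of
    three attributes and writes of one; owner 'alice' delegates reads of two of
    them and writes of one to 'bob'."""
    directory = Directory([
        AdminAclCommand("read", frozenset({"telephoneNumber", "mail", "roomNumber"})),
        AdminAclCommand("write", frozenset({"telephoneNumber"})),
    ])
    directory.add_entry(DirectoryEntry(
        owner="alice",
        attributes={
            "telephoneNumber": "+1 555 0100",
            "mail": "alice@example.com",
            "roomNumber": "4-201",
            "userPassword": "constructed-placeholder",
        },
    ))
    directory.apply_command("alice", "read", {"telephoneNumber", "mail"}, {"bob"})
    directory.apply_command("alice", "write", {"telephoneNumber"}, {"bob"})
    return directory


if __name__ == "__main__":
    d = build_demo_directory()
    for client, attr, op in [("bob", "mail", "read"), ("carol", "mail", "read"),
                             ("bob", "roomNumber", "read"), ("bob", "userPassword", "read"),
                             ("bob", "mail", "write")]:
        print(f"{client} {op} alice.{attr}: {d.check_access(client, 'alice', attr, op)}")
```

Three denials in the demo come from three different layers: `carol` is not on the owner's read list, `roomNumber` is delegable but the owner never listed it, and `userPassword` was never placed in any administrator command, so the owner could not have delegated it even by mistake.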


5. (currently amended) A process for a simplified access control language that controls access to directory entries in a computer environment, comprising the steps of:

a system administrator creating a read access control list (ACL) command that lists Lightweight Directory Access Protocol (LDAP) user attributes that said administrator has created for user defined read access, said user selecting a subset of said LDAP user attributes from said list for read access to one or more other users;

a system administrator creating a write access control list (ACL) command that lists Lightweight Directory Access Protocol (LDAP) user attributes that said administrator has created for user defined write access, said user selecting a subset of said LDAP user attributes from said list for write access to one or more other users;

providing a plurality of user defined access control list command attribute read lists containing user identifications of said one or more other users that are allowed to read said user defined subset from said LDAP user attributes that said administrator has created for user defined read access; and

providing a plurality of user defined access control list command attribute write lists containing user identifications of said one or more other users that are allowed to write said user defined subset from said LDAP user attributes that said administrator has created for user defined write access; and

storing said read access control list command and said write access control list command in a directory containing said LDAP user attributes;

wherein responsive to one or more other users requesting read access to one of the LDAP user attributes, applying said read access control list command and the read list of the owner of the attribute being accessed to determine if said one or more other users has permission to execute said read access; and

wherein responsive to one or more other users requesting write access to one of the LDAP user attributes, applying said write access control list command and the write list of the owner of the attribute being accessed to determine if said one or more other users has permission to execute said write access.

6. (currently amended) A process for a simplified access control language that controls access to directory entries in a computer environment, comprising the steps of:

a system administrator creating a write access control list (ACL) command for a user, wherein said write access control list command lists a set of Lightweight Directory Access Protocol (LDAP) user attributes that are created and controlled by said administrator;

said user applying said write access control list command by listing a subset from said system administrator defined LDAP user attributes for authorizing write access to said subset of user attributes to one or more other users, and by listing user identifications of said one or more other users such that said one or more other users are authorized to have write access to said subset of said system administrator defined LDAP user attributes; and

storing said write access control list command in a directory, said directory containing said user attributes; and

responsive to one or more other users accessing any of said user attributes in said directory, said write access control list command referring to said write list of user identifications at runtime thereby allowing said one or more other users write access to said system administrator defined LDAP user attributes.

7. (original) The process of Claim 6, wherein upon a client write access, the directory server selects a specific write access control command according to the attribute being accessed and refers to the write list of the owner of the attribute being accessed to determine if said client has permission to execute said write access.

8. (original) The process of Claim 6, further comprising the steps of:

providing a user defined read list containing user identifications that are allowed to read a specified set of attributes; and

providing a system administrator defined read access control command;

wherein said read access control command lists the user attributes that said administrator has selected for user defined read access; and

wherein said read access control command refers to said user defined read list thereby allowing said read user identifications read access to said user attributes.


9. (original) The process of Claim 8, wherein upon a client read access, the directory server selects a specific read access control command according to the attribute being accessed and refers to the read list of the owner of the attribute being accessed to determine if said client has permission to execute said read access.

10. (currently amended) An apparatus for a simplified access control language that controls access to directory entries in a computer environment, comprising:

means for a system administrator creating a read access control list (ACL) command for a user, wherein said read access control list command lists a set of Lightweight Directory Access Protocol (LDAP) user attributes that are created and controlled by said administrator;

means for said user applying said read access control list command by listing a subset from said system administrator defined LDAP user attributes for authorizing read access to said subset of user attributes to one or more other users, and by listing user identifications of said one or more other users such that said one or more other users are authorized to have read access to said subset of said system administrator defined LDAP user attributes; and

means for storing said read access control list command in a directory, said directory containing said user attributes; and

responsive to one or more other users accessing any of said user attributes in said directory, means for said read access control list command referring to said read list of user identifications at runtime thereby allowing said one or more other users read access to said system administrator defined LDAP user attributes.

11. (original) The apparatus of Claim 10, wherein upon a client read access, the directory server selects a specific read access control command according to the attribute being accessed and refers to the read list of the owner of the attribute being accessed to determine if said client has permission to execute said read access.

12. (original) The apparatus of Claim 10, further comprising:

a user defined write list containing user identifications that are allowed to write a specified set of attributes; and

a system administrator defined write access control command;

wherein said write access control command lists the user attributes that said administrator has selected for user defined write access; and

wherein said write access control command refers to said user defined write list thereby allowing said write user identifications write access to said user attributes.

13. (original) The apparatus of Claim 12, wherein upon a client write access, the directory server selects a specific write access control command according to the attribute being accessed and refers to the write list of the owner of the attribute being accessed to determine if said client has permission to execute said write access.

14. (currently amended) An apparatus for a simplified access control language that controls access to directory entries in a computer environment, comprising:

means for a system administrator creating a read access control list (ACL) command for a user that lists Lightweight Directory Access Protocol (LDAP) user attributes that said administrator has created for user defined read access, said user selecting a subset of said LDAP user attributes from said list for read access to one or more other users;

means for a system administrator creating a write access control list (ACL) command for a user that lists LDAP user attributes that said administrator has created for user defined write access, said user selecting a subset of said LDAP user attributes from said list for write access to one or more other users;

a plurality of user defined access control list command attribute read lists containing user identifications of said one or more other users that are allowed to read said user defined subset from said LDAP user attributes that said administrator has created for user defined read access; and

a plurality of user defined access control list command attribute write lists containing user identifications of said one or more other users that are allowed to write said user defined subset from said LDAP user attributes that said administrator has created for user defined write access; and

storing said read access control list command and said write access control list command in a directory containing said LDAP user attributes;

wherein responsive to one or more other users requesting read access to one of the LDAP user attributes, applying said read access control list command and the read list of the owner of the attribute being accessed to determine if said one or more other users has permission to execute said read access; and

wherein responsive to one or more other users requesting write access to one of the LDAP user attributes, applying said write access control list command and the write list of the owner of the attribute being accessed to determine if said one or more other users has permission to execute said write access.

15. (currently amended) An apparatus for a simplified access control language that controls access to directory entries in a computer environment, comprising:

means for a system administrator creating a write access control list (ACL) command for a user, wherein said write access control list command lists a set of Lightweight Directory Access Protocol (LDAP) user attributes that are created and controlled by said administrator;

means for said user applying said write access control list command by listing a subset from said system administrator defined LDAP user attributes for authorizing write access to said subset of user attributes to one or more other users, and by listing user identifications of said one or more other users such that said one or more other users are authorized to have write access to said subset of said system administrator defined LDAP user attributes; and

means for storing said write access control list command in a directory, said directory containing said user attributes; and

responsive to one or more other users accessing any of said user attributes in said directory, means for said write access control list command referring to said write list of user identifications at runtime thereby allowing said one or more other users write access to said system administrator defined LDAP user attributes.

16. (original) The apparatus of Claim 15, wherein upon a client write access, the directory server selects a specific write access control command according to the attribute being accessed and refers to the write list of the owner of the attribute being accessed to determine if said client has permission to execute said write access.

17. (original) The apparatus of Claim 15, further comprising:

a user defined read list containing user identifications that are allowed to read a specified set of attributes;

a system administrator defined read access control command;

wherein said read access control command lists the user attributes that said administrator has selected for user defined read access; and

wherein said read access control command refers to said user defined read list thereby allowing said read user identifications read access to said user attributes.

18. (original) The apparatus of Claim 17, wherein upon a client read access, the directory server selects a specific read access control command according to the attribute being accessed and refers to the read list of the owner of the attribute being accessed to determine if said client has permission to execute said read access.

19. (currently amended) A program storage medium readable by a computer, tangibly embodying a program of instructions executable by the computer to perform method steps for a simplified access control language that controls access to directory entries in a computer environment, comprising the steps of:

a system administrator creating a read access control list (ACL) command for a user, wherein said read access control list command lists a set of Lightweight Directory Access Protocol (LDAP) user attributes that are created and controlled by said administrator;

said user applying said read access control list command by listing a subset from said system administrator defined LDAP user attributes for authorizing read access to said subset of user attributes to one or more other users, and by listing user identifications of said one or more other users such that said one or more other users are authorized to have read access to said subset of said system administrator defined LDAP user attributes; and

storing said read access control list command in a directory, said directory containing said user attributes; and

responsive to one or more other users accessing any of said user attributes in said directory, said read access control list command referring to said read list of user identifications at runtime thereby allowing said one or more other users read access to said system administrator defined LDAP user attributes.

20. (original) The method of Claim 19, wherein upon a client read access, the directory server selects a specific read access control command according to the attribute being accessed and refers to the read list of the owner of the attribute being accessed to determine if said client has permission to execute said read access.

21. (original) The method of Claim 19, further comprising the steps of:

providing a user defined write list containing user identifications that are allowed to write a specified set of attributes;

providing a system administrator defined write access control command;

said write access control command listing the user attributes that said administrator has selected for user defined write access; and

said write access control command referring to said user defined write list thereby allowing said write user identifications write access to said user attributes.

22. (original) The method of Claim 21, wherein upon a client write access, the directory server selects a specific write access control command according to the attribute being accessed and refers to the write list of the owner of the attribute being accessed to determine if said client has permission to execute said write access.
23. (currently amended) A program storage medium readable by a computer, tangibly embodying a program of instructions executable by the computer to perform method steps for a simplified access control language that controls access to directory entries in a computer environment, comprising the steps of:

a system administrator creating a read access control list (ACL) command that lists Lightweight Directory Access Protocol (LDAP) user attributes that said administrator has created for user defined read access, said user selecting a subset of said LDAP user attributes from said list for read access to one or more other users;

a system administrator creating a write access control list (ACL) command that lists Lightweight Directory Access Protocol (LDAP) user attributes that said administrator has created for user defined write access, said user selecting a subset of said LDAP user attributes from said list for write access to one or more other users;

providing a plurality of user defined access control list command attribute read lists containing user identifications of said one or more other users that are allowed to read said user defined subset from said LDAP user attributes that said administrator has created for user defined read access; and

providing a plurality of user defined access control list command attribute write lists containing user identifications of said one or more other users that are allowed to write said user defined subset from said LDAP user attributes that said administrator has created for user defined write access; and

storing said read access control list command and said write access control list command in a directory containing said LDAP user attributes;

wherein responsive to one or more other users requesting read access to one of the LDAP user attributes, applying said read access control list command and the read list of the owner of the attribute being accessed to determine if said one or more other users has permission to execute said read access; and

wherein responsive to one or more other users requesting write access to one of the LDAP user attributes, applying said write access control list command and the write list of the owner of the attribute being accessed to determine if said one or more other users has permission to execute said write access.
24. (currently amended) A program storage medium readable by a computer, tangibly embodying a program of instructions executable by the computer to perform method steps for a simplified access control language that controls access to directory entries in a computer environment, comprising the steps of:

a system administrator creating a write access control list (ACL) command for a user, wherein said write access control list command lists a set of Lightweight Directory Access Protocol (LDAP) user attributes that are created and controlled by said administrator;

said user applying said write access control list command by listing a subset from said system administrator defined LDAP user attributes for authorizing write access to said subset of user attributes to one or more other users, and by listing user identifications of said one or more other users such that said one or more other users are authorized to have write access to said subset of said system administrator defined LDAP user attributes; and

storing said write access control list command in a directory, said directory containing said user attributes; and

responsive to one or more other users accessing any of said user attributes in said directory, said write access control list command referring to said write list of user identifications at runtime thereby allowing said one or more other users write access to said system administrator defined LDAP user attributes.